dirtycash, posted December 1, 2013:
Vulnerable link: http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*
Exploit: We add the desired site at the end of the link, after */, for example: RST.
Proof: http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://rstforums.com
Source: Full Disclosure: Yahoo Open Redirect Vulnerability - or "Designing vulnerabilities"
I ask a moderator to move the topic to the Exploits section.
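
Added example, not part of any post in this thread: a server-side allowlist check for a redirector of the shape shown in the first post, where the destination is whatever follows `/*`. The redirector host, the allowlist and the function names are assumptions made for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the redirector may send users to.
ALLOWED_HOSTS = frozenset({"www.example.com", "news.example.com"})

def extract_target(redirect_url):
    """Return the text after the first '/*' marker, or None if there is none."""
    _, marker, target = redirect_url.partition("/*")
    return target if marker else None

def is_allowed_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only absolute http(s) URLs whose exact host is on the allowlist."""
    # Backslashes and control characters are parsed differently by browsers
    # and by server-side URL libraries, so refuse them outright.
    if not target or target != target.strip():
        return False
    if any(ch in target for ch in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False  # rejects scheme-relative '//host' and non-web schemes
    if parts.username is not None or parts.password is not None:
        return False  # 'trusted@other-host' style userinfo
    # Exact match only: a suffix or substring test would accept
    # 'www.example.com.other-host'.
    return (parts.hostname or "") in allowed_hosts

def resolve_redirect(redirect_url):
    """Return the destination to redirect to, or None to refuse the request."""
    target = extract_target(redirect_url)
    if target is not None and is_allowed_target(target):
        return target
    return None

# Constructed samples in the same '<tracking path>/*<destination>' shape.
SAMPLE_OK = "http://redirector.example/SIG=abc/R=0/*https://www.example.com/news"
SAMPLE_BAD = "http://redirector.example/SIG=abc/R=0/*http://rstforums.com"

if __name__ == "__main__":
    for url in (SAMPLE_OK, SAMPLE_BAD):
        print(url, "->", resolve_redirect(url))
```
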

tpad, posted December 1, 2013 (edited):
Nice.

florin_darck, posted December 1, 2013:
Reported by me, and I received this reply:
"Thanks for the submission. Can you please let us know the complete POC; step by step instruction for how you created that url. Have you received "Yahoo! has detected potential security problems from following this link; reasons for this may include it being an expired link, etc. Click here at your own risk." error when you generated this issue?"
I gave them more details about a week ago and so far I have not received any reply.
PS: I also reported another vulnerability at the same time, which was validated.

dancezar (Active Members), posted December 1, 2013:
Quoting florin_darck: "Reported by me, and I received this reply. I gave them more details about a week ago and so far I have not received any reply. PS: I also reported another vulnerability at the same time, which was validated."
How long did it take them to reply to you? In my case they have kept me waiting for a month, first telling me to send it through the bug bounty form, then to upload the video to YouTube, and even now I don't have a reply.

florin_darck, posted December 1, 2013:
Quoting dancezar: "How long did it take them to reply to you? In my case they have kept me waiting for a month, first telling me to send it through the bug bounty form, then to upload the video to YouTube, and even now I don't have a reply."
In 8 days..

awnly3jhc2g, posted December 1, 2013:
Do you get anything for something like this? For reporting a problem like this?

SilenTx0, posted December 1, 2013:
I reported an XSS in ro.yahoo.com 2 months ago and still no reply :))

dirtycash (Author), posted December 1, 2013:
# Florin, it was found by you and by that Robert guy. So who is going to end up with what?